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"^J ' Abstract 

rl^ A new effective decoding algorithm is presented for arbitrary algebraic- 

geometric codes on the basis of solving a generalized key equation with 
the majority coset scheme of Duursma. It is an improvement of Ehrhard's 
algorithm, since the method corrects up to the half of the Goppa distance 
with complexity order C(n 2,81 ), and with no further assumption on the 
degree of the divisor G. 
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1 Introduction 



Decoding algebraic-geometric codes (AG codes in short) in an effective way 
can be done by means of solving a key equation, generalizing the ideas of the 
Berlekamp-Massey algorithm for BCH codes or the Euclidean algorithm for 
classical Goppa codes (see M). In the original version of Porter, Shcn and 
Pellikaan (see 12 ), only one-point codes with further assumptions on the curve 

JV ' were decoded, but the main ideas of the method can be extended for arbitrary 

curves and AG codes with Ehrhard's version of the key equation. Nevertheless, 
this algorithm does not correct up to the Goppa distance, but the complexity is 

5-j | only 0(n 3 ) (more details in J4[). Our aim is to include in this method a majority 

scheme which generalizes the ideas of Feng and Rao for one point codes (see 
[|S|), together with giving an improvement of the complexity by using the new 
methods given in JL4J to solve linear equations. Thus, the algorithm that we 
propose improves both the decoding capacity and the complexity without losing 
the generality of its application to arbitrary AG codes. It uses the majority coset 
decoding scheme, which was introduced by Duursma, with the only further 
assumption that there is an extra rational point in the curve which is not used 
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in the construction of the codes (more details in 0]). This hypothesis is actually 
a weakening of the assumptions required by Porter's method. 

In section 2 we rewrite Ehrhard's key equation in a way that is closer to 
the original ideas of Porter, Shen and Pellikaan, in order to show the explicit 
connection between both works. Afterwards, we summarize in section 3 the 
main ideas of Duursma's majority coset scheme, in order to give in section 4 an 
algorithm which includes the above majority scheme in the key equation, so that 
one can increase the error capacity without the assumption deg G > 6g — It — 2, 
where r is the gonality of the curve, which is required in Ehrhard's algorithm 
given in || (see also || for further details). In the paper, we fix a non-singular 
absolutely irreducible projective algebraic curve \ defined over W q and rational 
points Pi,...,P„ of x. 

2 Key equation and decoding 

Let G be a rational divisor whose support is disjoint to D = Pi + . . . + P n . 
Assume that 2g — 2 < degG < n + g, and consider the code C = Cq(D,G), 
that is the image of the linear injective map 

res D : fl(G - D) -> W n q 

rj h^ (res Pl (r)),.. .,res Pn {rj)) 

with dimension k > n — deg G + g — 1 and minimum distance d > d* = deg G + 
2 — 2g, where g is the genus of the curve. In the sequel, we fix a divisor G* 
with £(G*) = and G > G* . In order to decode C, we will give a result for 
preparation. 

Lemma 1 There exists a vector space V of differential forms such that Q(G — 
D) C V and resjy : V —>■ IF" is an isomorphism. 

Proof : 

Since fl(G — D) C J7(G* — D), it suffices to prove that reso is surjective 
on J7(G* — D), because it is injective on fl(G — D). But the kernel of reso 
considered on n(G* - D) is Q(G*); hence the rank is i(G* - D) - i{G*) = 
deg G* — deg (G* — D) = n, because of the Riemann-Roch formula. 

□ 



Remark 1 In the sequel we fix an arbitrary differential form rj ^ and write 
K = {rj) . Then for any rational divisor H consider the isomorphism 

C{K-H) -^Q(H) 



given by 

f !-> fV 

This map is compatible with inclusions and restrictions, and so the inclusions 
Q(G - D) C V C tt(G* - D) give the corresponding C{K + D - G) C U C 
£(!£ + D — G*), where the map f <—> resj){frj) is an isomorphism from U onto 
IF" Denote the inverse of this last map by y i— ► /j y; i.e. /i y is t/ie unique 
element in U such that resr)(h y ri) = y. 

Because of the bijection C *-* C(K + D — G) given by y <-> /i y , the decoding 
problem can be obviously described as follows: 

(*) Given y € IF" , /md a function h c G £(i^ + D — G) swc/i i/iat 
/i e ?7 ft«s « minimal number of poles in sup (D), where h e — h y — h c . 

This problem will be solved by the following definition and results. 

Definition 1 Given an arbitrary divisor F , a solution of the key equation for 
the received word y (related to F) is a triple (f,q,r) £ (£(-F) \ {0}) x C(K + 
F + D - G) x C(K + F -G*) such that f h y = q + r . 

q r q 

Notice that this definition means that h v = 1 and h c = — G C(K + 

f f f 

D — G). Thus, what we need to solve the decoding problem is giving conditions 

r 
so that h e = — has few poles in sup (D). This is done by the following theorem. 

Theorem 1 (Decoding theorem) Let y = c + e, where c G G. Then: 

1. If C(F — D e ) ^ ; then there exists a solution of the key equation. 

2. If deg F +wt(e) < d* , then any solution (f,q,r) of the key equation satisfies 

fqn\ frn 

res D I — I = c and res D I — 

Proof : 



1. Take a non-zero function / G C(F - D e ) C C(F). Then (f h c ) > G - 
D - F - K, (fh e ) > -F + D e + G* - D e - K = G* - F - K and 
/ h y = f h c + / h e ; hence the triple (/, / h Cl f h e ) is a solution of the key 
equation. 

2. Denote by D e the divisor of poles of h e r) in the support of D. Let (/, q, r) 
be a solution of the key equation and set tp = r — f h e = / h c — q. One 
can estimate the following divisors: 

K+(r- f h e ) > min{G* - F, G* - F - D e } = G* - F - D e 



and 

K+(fh c -q)>G-F-D 

what means that <p £ C(K + F + D e - G*) H C(K + F + D - G) = 
C(K + F + D e - G) = 0, since by assumption deg (K + F + D e - G) = 
2g-2 + deg (F) + wt{e) - deg (G) < 0. Hence (p = r- / h e = f h c -q = 0, 
what yields the theorem. 

□ 

Assume from now on that C(F — D e ) ^ and deg F + wt(e) < d* (notice 
that both assumptions are satisfied if wt(e) < v and deg (F) = v + g, where 

; that is, when there are few errors and F is small). Thus, for 

a fixed y € IF" define the linear map 

e y : C(F) -> C(K + F + D-G*) 

f l-> fK 

Since deg {G - F) > deg G - d* = 2g - 2, one has C{K + F + D - G) n C(K + 
F — G*) = C(K + F — G) =0, and hence there exists a vector space W such 
that 

C(K + F + D-G*) = C{K + F + D-G)® £{K + F-G*)®W 

Denoting by irw and 7r* the natural projections onto W and C(K + F — G*) 
respectively, notice that the key equation means that e y (/) has a null projection 
onto W. Therefore, if there exists a codeword c satisfying wt(y — c) < t, where 

< t < is fixed, one can compute the error vector with the 

following algorithm, where a suitable basis for every above function space is 
assumed to be previously calculated. Such bases can be computed by means of 
Brill-Noether algorithm (see 0). 

Algorithm 1 (K. G (F)) 

1. Compute a matrix for the linear map e y . 

2. Find a non-zero function f € ker (ttw ° %)■ 

3. Compute r = ir* (e y (f)). 

m d* — 1 

4. Compute e = resrj — , checking that y — e £ C and wt(e) < 



if the number of comitted errors is greater than the bound 



and 



Notice that most of the calculations in this algorithm are concentrated in 
the first two steps, and thus its complexity is that of solving linear equations 
(see Q). Also notice that the algorithm may fail in the second or forth steps 

d*-g-l 
2 

hence it cannot correct in general up to the half of the Goppa distance. In order 
to do it, we can use a majority voting scheme, what will be explained in the 
next sections. 

Remark 2 We show now how the above results generalize those of Porter, Shen 
and Pellikaan, and why they are stronger. Following the notations from p3\], 
the original algorithm works with the codes C — Cn(D,E — t-iP), where E is 
the divisor of zeros of a function h 6 Koo{P) without zeros in sup (D), K^^P) 
being the ring of those functions having poles only at P , P being a rational point 
distinct from sup(D), and where p is a positive integer. In this case, we can 
obviously take G* = —fiP. For the sake of simplicity, assume that there exists 
a differential form 7/ such that (rj) = (2g — 2)P. 

Firstly, from the isomorphism given by lemma 1 we obtain a basis E\, . . . ,£„ 
of V such that resp>(si), . . . ,resrj(e n ) is the canonical basis of IF™ . Then, 
Porter defines a "syndrome function" by 



S y- r ) = YsVi 



Notice that S y £ K^P), S y = h y (mod h) and —vp(S y ) < m + 2g — 1, where 
m = —vp(h). On the other hand, Porter's result to decode C can be rewritten 
as follows (see W for further details): 

If there is an integer t such thatt+wt(e) < d* and functions f,q,r £ 
Koo(P) satisfying —vp(r) < t + 2g — 2 + \x, —vp(f) < t and the 
"polynomial key equation" 



fS y = gh + r 



r 
then h e = — . 

f 



Such triples (f,g,r) are called "valid solutions" in \12J . Thus, by taking 

K=(r)) = (2g - 2)P and F = tP, one has f € C(F) and r € C{K + F- G*), 

and hence this is a particular case of our method \\. Moreover, one obtains 

rrt 
e = reso—f where f has few zeros for F "small" (because of (/) + F > ) and 

rrj 
thus, for a suitable choice oft and W t(e), y has a mutunal number of poles 

1 In particular, the condition of being minimal for a valid solution can be dismissed from 
the results of Porter. 



in sup(D), according to the formulation (*) of the decoding problem. This is 
actually the underlying idea of Porter, which was carried out by a "row reduction 
process" at a certain resultant matrix, but of course it can also be done by simple 
techniques of linear algebra, as we have explained above. 

Thus, the results of our paper are stronger than the originals, since they work 
with an arbitrary divisor G and we do not require any special differential form 
rj or rational function h, what is actually a very strong restriction. Moreover, 
one obtains a quite similar formula to compute the error just from h y , without 
the need of the syndrome S y . 

3 Majority coset decoding 

This section is abstracted from M. Assume that there exists a rational point 
Poo ^ sup(D), and let H x be a rational divisor whose support is disjoint to 
sup (D). Set H Q = H 1 - P x and H 2 = H x + P^ . For i = 0, 1,2 , let C, = 
C n (D, Hi) and d* = deg (H t ) + 2 - 2g. One obviously has C 2 C x 2 C 2 . 

For an error vector e such that wt(e) < (d* — l)/2 we want to solve the 
following problem: 

Given y x with yi — e 6 C\, finding y 2 such that y 2 — e G C 2 • 

Such a problem is called coset decoding procedure related to the extension C\ D 
C 2 , where we obviously can assume that C\ ^ C 2 . 

Thus, for a given y £ IF" and for any rational function h without poles in 
sup {D), one defines the syndrome S y (h) by the expression 

n 

s y (h)=j2y^ h ( p ^ €W " 

3=1 

which is linear with respect to both y and h. 

It is very easy to prove that the syndrome is a coset invariant, i.e. S y (h) = 
S e (h) for all h £ C(H t ) if and only if y - e e C % , for i = 0, 1, 2 . Hence, y £ C t 
if and only if S y (h) = for all h G C{H L ). 

On the other hand, for an arbitrary divisor F defined over !F g and i = 0, 1, 2 , 
one defines the kernels Ki(F) associated to the error vector e by 

Ki(F) = {/ G C{F) | S e (f ■g) = 0, V 3 g C(H, - F)} 

All the vector spaces Ki(F + Poo)/K (F), K (F)/K 1 {F), C{H X - F)/C(Hi - 
F - Pqo), Ki(F + P QC )/K 2 (F + Poo) and K 2 (F + pJj/K^F) have dimension 
at most one. Thus, we are interested in the following conditions: 

(Al) K X {F + Poo) ^ K (F) (Bl) K X (F + P^) = K 2 (F + P^) 

(A2) K Q (F) = K X {F) (B2) K 2 (F + P K ) ± K X {F) 

(A3) C(H X -F)£ C(H X - P - Poo) 



Define the conditions (A) <=> (Al) A (A2) A (A3) and (B) & (51) A (B2). 
Since one has (Al) A (Bl) <^> (A2) A (52), the conditions (A) and (B) are 
equivalent to (Al), (A3) and (Bl). 

It follows from (sections II and III) that if (A) and (B) are satisfied, then 
the coset decoding procedure can be implemented by the following algorithm, 
where D and P^ are fixed. 

Algorithm 2 (C Hl ( F )) 

Input := yi . 

J/ Ci = C2 i/ierc y2 = yi else: 

• Find c G Ci \ C 2 . 

. Find f £ K X (F + P X )\K Q (F). 

• Find .9 e £(#i - F) \ C{H X -F- P M ). 

• Compute X = S yi (fg)/S C() (fg). 

• -Set y 2 = yi - Ac . 

Output := y 2 ■ 

Unfortunately we are not able in practice to check the condition (B), since 
K%(F + Pqq) is not known from the received word y. This problem can be 
solved by means of a majority voting, on the basis of the following result due to 
Duursma (see || for further details). 

Theorem 2 (Main theorem) Let Cq 12 C\ 2 C 2 be the extension of codes 
given by Ci = Cq,(D, Hi), where H x has disjoint support with D, H = Hi — P^ 
and H 2 = H\ + Poo ■ Assume that the genus is g > 1, and take numbers t, r > 
such that 2t + r + 1 < d* = deg H\ + 2 — 2g. Take an arbitrary divisor Fq of 
degree t, and define Fi = Fq + iPoo for i = 1, . . . ,2g — 1. For an error vector e 
with weight wt(e) < t, define: 

I = {r,r + l,...,2g-2} 

T = {iel \(A)A (B) hold for F = F t } 
F = {i e I I (A) A -^(B) hold for F = F t } 
Then at least one of the following conditions holds: 

(i) C(H 1 ~F 2g _ 1 -D e -rP oo )^0 

(ii) C(F r -D e )^0 

(iii) $T > flF 

In the last section we will see how to apply this majority scheme in order 
to improve the correction capacity of the decoding algorithm by solving the 
Ehrhard's key equation up to the half of the Goppa distance. The so obtained 
procedure is thus the best possible one by solving a key equation, looking at the 
generality and the capacity of the algorithm. 
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4 Decoding by a key equation with majority 
voting 

Let C = Cq(D, G) be a strongly algebraic- geometric code, i.e. such that 2g — 2 < 

deg (G) < n. For our purpose, we can assume that g > 0, since otherwise the 

key equation corrects C up to the half of the Goppa distance and we do not 

need any majority voting. 

Consider successive divisors G r = G + rPoc, for r = 0, 1, ... ,g. Notice that 

for any such divisor G r one has 1g — 2 < deg (G r ) < n + g, and thus all these 

divisors are in the situation of the first paragraph in section 2. On the other 

d* - 1 
hand, take t = — - — , where d* = deg (G) + 2 — 2g, and assume t > 0. Take 

then a divisor Fo with degree t and set F, = Fq + iPoo for i = 1, . . . , 2g — 1 . 

Thus we can consider the following algorithm, which brings together the 
methods of Ehrhard and Duursma. In the algorithm, the main idea is that the 
conditions (i) and (ii) given by theorem 2 allows us to get the error vector by 
means of a key equation for some suitable G and F, and otherwise the condition 
(iii) provides us with a majority test to solve the coset decoding problem and 
decrease the size of the code. We assume that bases for the involved function and 
differential spaces are previously calculated together with the spaces U, V, W as 
in section 2, for all of the possible cases when algorithm 1 is applied. 

Algorithm 3 (V G (F )) 

Input := y e F™ . 

Set yi = y • 

From r = to r = g do: 

• SetH 1= G + rPoo . 

• // ICg(G — i^g-i) gets the error vector from yi , then return e and 
STOP. 

• Otherwise, if ICrx (Fr) gets the error vector from yi , then return e 
and STOP. 

• Otherwise, compute I a = {i = r, r+1, . . . , 2g— 2 | (A) holds for F — 
Fi}, apply the coset decoding procedure Ch 1 (Fi) for i G I a with input 
yi and get a vector y^ whose coset with respect to Ci = Cn(D, H\ + 
Poo) occurs most of the times. 

Set yi = y 2 and NEXT r. 

Notice that algorithm 1 is always applied to one of the divisors G r . Thus, 
if we take a divisor G* such that £(G*) = and G* < G < G r , we can use the 
same divisor G* for all the involved key equations. 



Finally, since every functional code can be expressed as a differential code 
and vice versa, we can prove the following new result, which incooperates the 
Duursma's version of the majority voting scheme into the Ehrhard's version of 
the key equation. 

Theorem 3 Let \ be a non-singular absolutely irreducible projective algebraic 

curve defined over the finite field TF q with at least n + 1 rational points. Let 

C = Cq(D,G) be an algebraic- geometric code with length n such that 2g — 

d* - 1 
2 < deg (G) < n. Let F be any divisor with degree t = , where 

d* = deg (G) + 2 — 1g is the Goppa distance of C . Then the algorithm T>q{Fq) 
decodes C up to t errors with complexity C(n 2 ' 81 ). 

Proof : 

First of all, the condition It + r + 1 < d\ = deg (Hi) + 2 — 2g is satisfied by 
every divisor Hi — G r from r — to r — g, and for t = [(d* — 1)/2J; thus we 
can apply theorem 2 in every step of the algorithm, provided wt(e) < t. 

For a fixed Hi — G r , if the condition (i) C(Hi — F2 g -i — D e — rPoo) = 
C(G — -F29-1 — D e ) 7^ holds together with wt(e) < t, then the key equation 
ICg(F) obtains the error vector for F = G — -F29-1 ; since deg F + wt(e) < d* 
and C(F — D e ) ^ 0, and theorem 1 can be applied. 

In the same way, if the condition (ii) C(F r — D e ) ^ holds together with 
wt(e) < t, then the key equation K.g t {Fr) obtains the error vector, since deg F r -\- 
wt(e) < deg (G r )+2 — 2g and C(F r —D e ) ^ 0, and theorem 1 can also be applied. 

Otherwise, the condition (iii) implies that the algorithm Cc r (Fi) is correct 
for most of the "candidates" i £ La , and we can carry on with the next step. 
Finally, for r = g the condition C(F r — D e ) ^ is always true and the algorithm 
stops at most in g + 1 steps, if not too many errors occur. 

Notice that still the complexity of this algorithm is equivalent to solve a linear 
system of size n, since most of the computations come from either applications 
of the algorithm ICg(F) or finding a function in Ki(F + Poo) \ Kq(F) (more 
details in H). Thus, the complexity is actually 0(n 2S1 ) q since solving linear 
equations can be done faster than Gaussian elimination (see for instance fl4]). 

□ 



Remark 3 Notice that the complexity 0(n 2S1 ) is even better than the com- 
plexity of Sakata's algorithm 0(n _ ^+r) if the curve x is embedded in an affine 
r-space with r > 10 (what happens in the constructions of asymptotically good 
codes given in j^j). Thus, general decoding methods which are based on solving 
linear equations are not so far from "fast decoding" as they are supposed to (see 
ply for a survey on decoding). 

2 Nowadays there are even some improvements of this complexity. 



Example 1 Consider the Klein quartic X 3 Y + Y 3 Z + Z 3 X = over F 8 . This 
curve has genus g — 3 and 24 rational points, namely, Qo = (1:0:0), 
Qx = (0 : 1 : 0) and Q 2 = (0:0:1) on the coordinate lines, and all the others 
are in the affine plane, namely, Pi, ... , P21 (see pW for details). Set Hi = G = 
4(Qo + Q1 + Q2), D = P 1 + .., + P 21 and define the code d = C = C n (D, G), 
with parameters [21, 11, > 8]. Consider the vector y! = (1, 0, 1, a, 0, ... , 0)) as a 
received word, where a € 1F 8 satisfies a 3 + a + 1 = 0, and take the divisor F Q = 
SPoo , where P^ — Q 2 ■ Notice that the correction capacity of our algorithm is 
t = 3, whereas the key equation only corrects two errors. 

Thus, in the step r — one easily checks that the conditions (i) and (ii) 
from theorem 2 are not satisfied, and hence the key equation cannot correct this 
error. Then, one computes the set Ia = {3} and applies Cg{F) to the only 
candidate F = F3 : 

• Take c= (a, a 5 , a 3 , 0, a 4 , a 2 , a 6 , 1,0, 1,1,0, ...,0) £ d \ C 2 ■ 
. Take f = a 3 + ^- e K^Fs + P x ) \ K (F 3 ). 

. Take g =^eC(G-F 3 )\ C(G - F 3 - P^). 

• Compute A = S yi (fg)/S c (fg) = a 3 

• Return y 2 = yi — Ac = (a 5 , a, a 2 , a, 1, a 5 , a 2 , a 3 , 0, a 3 , a 3 ,0, ... ,0). 

In this case we have no voting since there is an only candidate, and the 
above solution is the new yi for the next step of the algorithm, which works in 
a smaller code, and go on until the key equation gets the error vector. 

Example 2 Consider now the Hermite curve Y 4 Z + YZ 4 + X 5 = over W\§ . 
It has 64 affine rational points and only one point Poo at infinity. Let D = 
Pi + . . . + Pea, G\ = 23Poo and define the code C = Cq(D,Gi), which is of 
type [64,46, > 13]. Consider then yi = (a 12 , a 4 , a 7 , a 8 , a 9 , a 9 , 0, . . . , 0)) as a 
received word, where a € W^ satisfies a 4 + a + 1 = 0, and take the divisor 
Fo = 6Poo . 

Now for r = again (i) and (ii) do not hold, and one computes Ia = 
{1, 2, 3, 5, 7, 8, 9}. In this case, voting actually occurs and the procedure is equiv- 
alent to the algorithm of Feng and Rao (see ||/J. 
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